Ferreteria/v0.5/login/session: Difference between revisions

Revision as of 16:05, 24 March 2022

If browser has a Session cookie:
- Search for Session matching the cookie
- If found:
  - Session bookkeeping: update WhenUsed
  - Account bookkeeping: update WhenUsed
  - Login object bookkeeping: note session-logged-in
- Else (no matching Session)
  - if Session ID matches but token is wrong:
    - Event log: token mismatch (possible hacking attempt)
  - Create new Session
  - Send correct Session cookie to browser
  - Login object bookkeeping: note not-logged-in
Else (no Session cookie)
- Search for Session matching the browser profile
- If found:
  - Generate Session cookie and send it to browser
  - Login object bookkeeping: note not-logged-in

Everything starts with csLogin::IsLoggedIn(), which calls...

csLogin::Validity()
- csLogin::Validate()
  - <Session Feature>->MakeActiveSession()
    - <Session Feature>->ActivateSession()

@@ Line 18: / Line 18: @@
 *** '''Login object bookkeeping''': note not-logged-in
 ==Code==
-===authenticating session===
+Everything starts with <code>csLogin::IsLoggedIn()</code>, which calls...
-<code>{{arg|Session Feature}}->UserIsLoggedIn()</code>
+* <code>csLogin::Validity()</code>
-* &rarr; <code>NativeRow()->UserIsLoggedIn()</code>
+** <code>csLogin::Validate()</code>
-===reading login status===
+*** <code>{{arg|Session Feature}}->MakeActiveSession()</code>
-Example: see code in <code>cMenuLink->FigureIfAuthorized()</code> in {{l/ferreteria/code|tree/items/MenuLink.php}}
+**** <code>{{arg|Session Feature}}->ActivateSession()</code>
-* This is called once per object from <code>ftRequiresPermit->OnRunCalculations()</code> in {{l/ferreteria/code|tree/items/traits.php}}.